The moral of this story was that you can use reverse search on your browser to double check images before you believe that they are current or even relevant to the story they are attached to. In a lot of cases, he discovered that the images being Tweeted during the riots were actually old images.

So how do we actually do these checks that he talks about in the article?

Using Google Reverse Image Search

First off, if you’re not using Google Chrome for all of your OSINT goodness then you really should. Firefox has some tools that you can install, but overall I have always preferred using Chrome. Now let’s take a look at a neat piece of technology that is built in to Chrome. I want you to right-click on the image below and then select Search Google for this image.

Chrome will automatically send you over to images.google.com and it will tell you a whole bunch of great information as shown below:

So this is actually incredibly neat! Google has figured out that it is “Black Hat Python” as you can see in the search bar at the top of the screen. As well they have pulled some relevant URLs and displayed a list of “Visually similar images”. All from a single right-click in Chrome. Now let’s take a look at TinEye.

Reverse Image Searching With TinEye

TinEye is a reverse image search engine that is designed to only return web pages that contain your target image. Its algorithms are designed differently than Google’s and as such can return different results than the first method we explored.

To install the Chrome Extension simply visit the TinEye Extension page here and click the “Add To Chrome” button in the top left corner of the page as shown below:

Once you have added the extension you now have TinEye search capabilities at your fingertips. So let’s try the same technique, right click on my book cover and select Search Image on TinEye from the popup menu. This will open a new browser tab and show you the results from TinEye.

Voila! Now you can search all manner of images that you come across when you are doing your OSINT work, or even if you want to watch events unfold in real time you can begin to spot the bullshitters. Just like Eoghan did.

Wrapping Up

As mentioned in the article at the beginning of this post, this is an incredibly useful way to determine if someone is reposting old content or actually uploading some new stuff. If Google only returns results for example for “Baltimore riots” and does not have older images present in its index you can ascertain that the image is newer and potentially original content. You can augment those results with a TinEye search as well. Another useful technique is to take a logo or image used by a group of people, and use TinEye or Google searches to find other social media or websites that use the logo or image to help expand your investigation sources.

Automation

Now of course what you could do to automate this process would be to watch a trending hash tag on Twitter, and then monitor all posts with photos in them. As each photo gets posted, you could then retrieve that photo and use the TinEye API to reverse search automatically. You could then set up an alerting system that would email you or SMS when a new image is detected that does not show up in TinEye. You could also use these results to begin to filter out the bullshitters from your Twitter searches. If you’re interested in learning how to write code to do exactly that, get some more information about my OSINT course here.

Share this article:

Justin Seitz is Canadian security consultant and author of two computer hacking books from No Starch Press. He blogs at AutomatingOSINT.com and can be found on Twitter @jms_dot_py.

Join the Bellingcat Mailing List:

Enter your email address to receive a weekly digest of Bellingcat posts, links to open source research articles, and more.

Support Bellingcat

You can support the work of Bellingcat by donating through the below link:

I had DuckDuckGo as my default search engine, and the right click did not bring up “Search Google for this Image.” Apparently this also does not work if you use a localized Google web site (like google.fr) as default.

To fix this, either add the “search by image by Google” extension to Chrome or change back to the generic Google.com default search engine.

I was able to add the TinEye extension to Google, and I get “Search image on TinEye” in the context menu.

Questions:

1. Would you please compare reverse image searches from Google, Bing, and TinEye?

2. How does one interpret the results? Yes, one could use one’s general intelligence and careful reading, but I’m hoping to find a way to determine which image on the web is the original. I suppose the earliest date “wins.”

3. Erm, does “the original” have any meaning? Perhaps one could trust the metadata, but clever hackers can edit metadata, and some earliest uses on the web might lack metadata.

I tried demoing the TinEye reverse image search today in a class. Didn’t work. Couldn’t diagnose in front of folks. This evening I found that the reverse image search sometimes does not work in Facebook. To try to make it work, I clicked on an image in someone’s feed and got to a larger image. There it worked. I wish the explanations of how to use this were just a little bit more detailed. I’d like to start using it without having to test, and test, and test. (I’m not that good at testing.)